Sian John MBE’s Post

Today, the National Cyber Security Centre (NCSC) launched its 2025 annual review, reflecting on this past year’s cyber security threats and emerging trends – and future priorities.    In his speech NCSC CEO Richard Horne highlighted the role of partners and the importance of strengthening the UK's resilience against those who wish to harm the UK’s national security.    ‘We’re working with our partners in the UK’s intelligence community including our colleagues in the National Protective Security Authority. We know that our adversaries are combining cyber means with physical methods in order to further their aims.’   As the annual review outlines, this year NPSA partnered with NCSC the Department for Science, Innovation and Technology and the Department for Business and Trade to launch the Secure Innovation Security Reviews Scheme to support the UK’s emerging technology sector. The scheme part-funds security reviews by approved Security Reviewers for up to 500 early-stage tech organisations. Learn more about this opportunity on the NPSA website: https://lnkd.in/eQ_aCRhH    To see the full NCSC Annual Review visit the NCSC website: https://lnkd.in/gsPDRdSD    #NCSC #NPSA #NCSCAnnualReview

Comments from the minister of state in the UK - Dan Jarvis MBE MP Digital Connectivity: The UK is one of the most digitally connected nations, which brings many benefits to society and the economy. Cyber Risks: With increased digital activity comes greater exposure to cyber threats. High-profile cyber attacks have shown how damaging these can be. Commitment to Security and Progress: The UK aims to continue advancing technologically while maintaining strong cybersecurity measures. Read more from the minister of state in the annual review

As geopolitical tensions rise, UK businesses are facing increasingly sophisticated cyber threats from hostile state actors. In the latest article from SC Magazine, our Partner Daryl Flack , shares expert insight on why commercial organisations must adopt the same strategic posture as Critical National Infrastructure (CNI) operators to stay protected. “UK PLC is now a prime target. Without resilience by design, businesses risk disruption, reputational damage, and strategic compromise,” says Daryl. From reactive fixes to proactive defence, this piece explores how organisations can embed resilience from the ground up- across architecture, operations, and culture. 📖 Read the full article here: https://lnkd.in/eVBt_mYJ #CyberSecurity #ResilienceByDesign #Avella #CNI #UKBusiness #ThreatIntelligence #DarylFlack #ChinaThreat #CyberResilience #AvellaSecurity

“UK PLC is now a prime target. Without resilience by design, businesses risk disruption, reputational damage, and strategic compromise” This piece explores reactive fixes to proactive defence and how organisations can embed resilience from the ground up- across architecture, operations, and culture. Read on....

An excellent article by Kate O'Flaherty for SC Magazine that I was able to contribute to. In it she details why commercial organisations must adopt the same strategic posture as Critical National Infrastructure (CNI) operators to stay protected. 📖 Read the full article here: https://lnkd.in/e9-xdJRM What are your experiences in defending against these threats and what do you think we should be doing to mitigate the risk? #CyberSecurity #ResilienceByDesign #Avella #CNI #UKBusiness #ThreatIntelligence #ChinaThreat #CyberResilience #AvellaSecurity #SCMagazine #SCMedia

I read the NCSC's excellent annual review ('Time to ACT') as a wake-up call for corporate slow learners. What has surprised me most in the last year is not the rise in ransomware/RAAS attacks, which was predictable, but the tendency of some companies to put off or curtail spending decisions on cyber defence and resilience. That may be understandable given the economic outlook but it is hugely shortsighted. Any Board or CEO who thinks the current financial climate is tough to navigate should imagine doing it with a £300m loss and complete business interruption. It won't make it easier. I have two frustrations at the moment. First, attacks are preventable and catastrophic business interruption is completely avoidable through good resilience. Many, many companies are doing the right thing, but some aren't. Second, nearly all the major attacks in recent years involve the supply chain. Third-party cyber risk is not an unsolvable problem - best practice requires continuous monitoring and then acting on the findings to reduce the risk. Many companies, governments and regulators (eg Singapore) are there already. Finally, I was amused to see a whole page quote in the NCSC report about cyber security being an issue for the whole company 'not just the IT department.' That was a mantra that accompanied the pre-NCSC '10 Steps to Cyber Security' in 2012. I does underline the fact that some basic approaches to cyber security are not yet embedded across our economy. As everyone rushes to adopt AI in their networks, that ought to worry us. #cybersecurity #NCSC #tprm #supplychainsecurity #BlueVoyant #Microsoft Security https://lnkd.in/ep9_HDUN

What he said 👇 Please don’t delay security investment. Resilience across an organisation does not sit solely on the shoulders of IT to deliver - it’s a cross-functional responsibility that requires collaboration, a clear sense of operational priorities, intimate knowledge of your supply chain and the dependencies that sit across it, and a deep understanding of the nature of the threat.

Last week's NCSC Annual Review offered a sobering insight into the evolving cyber threat landscape, in particular the growth of intrusion products.    'The global commercial cyber intrusion sector will almost certainly expand over the next five years with state demand for intrusion products to meet national security requirements being a key driver.'   Nation states are actively participating in the development and procurement of offensive cyber capabilities. Exploit generation has become a full-fledged business, with high-performing teams, serious funding, and global reach. That might still surprise some people, the idea that cyber vulnerabilities are not just discovered but engineered, packaged, and sold. It’s a market, and it’s growing.   As cyber threats become more geopolitical, the line between national security and commercial cyber activity continues to blur. The implications for businesses and high-profile individuals are profound and is something we'll be watching closely here at coc00n. https://lnkd.in/eWm_Zys9

Today, I joined our UK Chairman, Ciaran Martin, at the SANS Institute Cyber Leaders Summit, where he delivered a compelling keynote on "Thugs vs Thieves." Ciaran emphasised the growing threat of cyber criminals deploying disruptive attacks as an easier means to extort organisations. He warned that such tactics are increasingly being mirrored by hostile nation states aiming to orchestrate cyber chaos on a larger scale, reflecting a significant national security concern. Ciaran's insights invite us to engage in an urgent conversation about what we prioritise, our data or our business operations. Recent incidents, like the JLR breach, illustrate the broader economic implications of cyber threats. It highlights the necessity for a comprehensive approach to cybersecurity that extends beyond merely protecting data to ensuring overall business resilience. We must leverage digital transformation and the use AI to strengthen our defenses and collaboratively safeguard our businesses against both criminals and state-sponsored threats. The time to act is now.

48% of organizations that suffered a major cyberattack are turning to managed services to close skills gaps. With cyber talent shortages high on the risk agenda, managed services are becoming a critical path to resilience. Learn more in our 2026 Global Digital Trust Insights report. https://pwc.to/3WHqj0w